vadvs (vadvs) wrote in changelog,

[perlbal] r811: LJSUP-8520: extend AccessControl plugin

Committer: vad
LJSUP-8520: extend AccessControl plugin
U   trunk/lib/Perlbal/Plugin/AccessControl.pm
Modified: trunk/lib/Perlbal/Plugin/AccessControl.pm
===================================================================
--- trunk/lib/Perlbal/Plugin/AccessControl.pm	2008-12-11 23:43:05 UTC (rev 810)
+++ trunk/lib/Perlbal/Plugin/AccessControl.pm	2011-04-06 18:46:32 UTC (rev 811)
@@ -30,7 +30,7 @@
 
     Perlbal::register_global_hook('manage_command.access', sub {
         my $mc = shift->parse(qr/^access\s+
-                              (policy|allow|deny|reset|queue_low)      # cmd
+                              (policy|allow|deny|reset|queue_low|file)      # cmd
                               (?:\s+(\S+))?                  # arg1
                               (?:\s+(\S+))?                  # optional arg2
                               $/x,
@@ -77,6 +77,57 @@
             return $mc->ok;
         }
 
+        if ($cmd eq 'file'){
+            ## ACCESS FILE [ALLOW|DENY] /path/to.acl
+            ## acl:
+            ##      [allow|deny] xxx.yyy.zzz.fff
+            ##      [allow|deny] netmask x.y.z.f/n
+            ##
+
+            my $filename;
+            my $global_policy;
+            if ($arg1 =~ /^allow|deny$/i){
+                $global_policy = $arg1;
+                $filename = $arg2;
+            } else {
+                $filename = $arg1;
+            }
+
+            ## get existing configuration
+            my $rules = $cfg->{rules} ||= [];
+
+            ## read ACL file
+            local *FILE;
+            open FILE, "<", $filename
+                or $mc->err("Can't open access file: $filename, $!");
+            while(my $line = <FILE>){
+                ## remove blanks
+                chomp $line;
+                $line =~ s/^\s+|\s+$//g;
+
+                ## extract policy
+                my $policy = ($line =~ s/^(allow|deny)\s+//i ? $1 : '');
+
+                ## local policy can't rededinf global policy.
+                ## by default, accept 'deny' policy.
+                $policy = $global_policy || $policy || 'deny';
+                $policy = lc $policy;
+
+                ## netmask or one IP.
+                if ($line =~ s/^netmask\s+//i){
+                    my $val = eval { Net::Netmask->new2($line) };
+                    return $mc->err("Error parsing netmask") unless $val;
+                    push @$rules => [ $policy, 'netmast', $val ];
+                } else {
+                    $mc->err("Wrong ip: $line") 
+                        unless $line =~ /^\d+\.\d+\.\d+\.\d+/;
+                    ##
+                    push @$rules => [ $policy, 'ip', $line ];
+                }
+            }
+            return $mc->ok();
+        }
+
         return $mc->err("can't get here");
     });
 
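Review bot: Several failure paths in the new `file` branch fail open: `open ... or $mc->err(...)` and `$mc->err("Wrong ip: $line")` do not `return`, so an unreadable ACL file still ends in `$mc->ok` and a malformed line is still pushed as an `ip` rule. The rule type is spelled `'netmast'`; the matcher is outside this hunk, but if it compares against `'netmask'`, file-loaded netmask rules would never match. `/^allow|deny$/i` parses as `^allow` or `deny$`, so a path ending in "deny" is taken as the policy; it should be `/^(?:allow|deny)$/i`, and the IP pattern needs an end anchor. The fence below parses into a scratch list and appends to `$cfg->{rules}` only when the whole file is valid, and reports a line number rather than echoing file content to the management client. The enclosing hook sub begins before this hunk.

```perl
        if ($cmd eq 'file') {
            # … unchanged: usage comment describing the ACL file format …

            my ($global_policy, $filename) =
                defined $arg1 && $arg1 =~ /^(?:allow|deny)$/i
                    ? (lc $arg1, $arg2)
                    : (undef, $arg1);
            return $mc->err("Usage: ACCESS FILE [ALLOW|DENY] <path>")
                unless defined $filename;

            open my $fh, '<', $filename
                or return $mc->err("Can't open access file: $filename, $!");

            # Parse into a scratch list so a bad file never leaves a partial ACL.
            my @loaded;
            while (my $line = <$fh>) {
                $line =~ s/^\s+|\s+$//g;
                next if $line eq '';

                my $policy = $line =~ s/^(allow|deny)\s+//i ? lc $1 : '';
                $policy = $global_policy || $policy || 'deny';

                if ($line =~ s/^netmask\s+//i) {
                    my $val = eval { Net::Netmask->new2($line) };
                    return $mc->err("Error parsing netmask at line $.") unless $val;
                    # 'netmask' assumed to be the type the matcher expects; confirm
                    push @loaded, [ $policy, 'netmask', $val ];
                }
                else {
                    return $mc->err("Wrong ip at line $.")
                        unless $line =~ /^\d+\.\d+\.\d+\.\d+\z/;
                    push @loaded, [ $policy, 'ip', $line ];
                }
            }
            close $fh;

            push @{ $cfg->{rules} ||= [] }, @loaded;
            return $mc->ok;
        }
```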
@@ -147,7 +198,7 @@
         my $rules = $cfg->{rules} || [];
         foreach my $rule (@$rules) {
             next unless $match->($rule);
-            return $rule_action->($rule)
+            return $rule_action->($rule);
         }
 
         return $deny->() if $cfg->{deny_default};

Tags: perlbal, pm, vadvs